From dave at immunityinc.com Wed Jan 3 15:15:49 2018
From: dave at immunityinc.com (David Aitel)
Date: Wed, 3 Jan 2018 07:15:49 -0800
Subject: [Dailydave] Towards Heat Death
Message-ID:

So much of internet security is pointing out to overly optimistic people that they are trying to fight from their back, against a hungry T-Rex who doesn't care about your Brazilian jiu-jitsu black belt, and has no arms to armbar anyways.

Like, one of my favorite papers Immunity ever did was the Cloudburst [1] paper, wherein various members of the DoD wanted to put SECRET and UNCLASSIFIED networks on the same computer, separated by a hypervisor. What we said was "in this one instance you can break the hypervisor and obtain full control from a guest" but what we meant was "Doing things in this insane way makes the T-Rex hungrier."

Likewise, while side channel attacks are the least sexy of all attacks in demos on the conference stage, I feel like processors have been up against the physics wall for a decade, and when I hang out with processor people all we hear about is heat management in processors, because no processor can run as fast as its spec says it can with more than one core at a time, and even then, not for very long. I feel like James Mickens has a whole paper on this stuff that no one read or took seriously? [2]

Anyways, these are exciting times, and it's because new bug classes are being detected as fast as new bugs used to be and the T-Rexes are hungrier than ever.

-dave

[1] http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf
[2] http://scholar.harvard.edu/files/mickens/files/theslowwinter.pdf
From guninski at guninski.com Tue Jan 9 10:23:25 2018
From: guninski at guninski.com (Georgi Guninski)
Date: Tue, 09 Jan 2018 10:23:25 -0000
Subject: [Dailydave] Own on install. How grave it is?
Message-ID: <20180109102310.GF869@sivokote.iziade.m$>

This is well known, but I haven't seen it discussed.

In short, doing a clean install (factory defaults) has a window of opportunity when the device is vulnerable to a known network attack. It used to be common sense to reinstall after compromise (probably doesn't apply to the windows world where the antivirus takes care).

All versions of windoze are affected by the SMB bug to my knowledge. Debian jessie (old stable) is vulnerable to a malicious mirror attack.

More of interest to me are devices where the installation media is fixed and can't be changed. This includes smartphones and wireless routers. Some smartphones might be vulnerable to wifi RCE (found by google?). Some wireless routers might be vulnerable to wifi RCE or a default admin password attack over wifi. Internet of Things will make things worse (some NAS devices are affected).

Shielding the device might not be a solution since updates must be applied.

Are the above concerns real? Has this been studied systematically?